Diff
Modified: trunk/LayoutTests/ChangeLog (250287 => 250288)
--- trunk/LayoutTests/ChangeLog 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/ChangeLog 2019-09-24 06:59:52 UTC (rev 250288)
@@ -1,3 +1,13 @@
+2019-09-23 Youenn Fablet <you...@apple.com>
+
+ Support sync-xhr feature policy
+ https://bugs.webkit.org/show_bug.cgi?id=202098
+
+ Reviewed by Alex Christensen.
+
+ * TestExpectations: enable test.
+ * platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt: Deleted.
+
2019-09-23 Alex Christensen <achristen...@webkit.org>
Fix WPT test html/browsers/offline/application-cache-api/api_swapcache_error.https.html
Modified: trunk/LayoutTests/TestExpectations (250287 => 250288)
--- trunk/LayoutTests/TestExpectations 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/TestExpectations 2019-09-24 06:59:52 UTC (rev 250288)
@@ -695,7 +695,6 @@
imported/w3c/web-platform-tests/xhr/send-redirect-bogus-sync.htm [ DumpJSConsoleLogInStdErr ]
-imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html [ Skip ]
webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async.htm [ Pass Failure ]
webkit.org/b/179607 imported/w3c/web-platform-tests/xhr/access-control-and-redirects-async-same-origin.htm [ Pass Failure ]
webkit.org/b/179608 imported/w3c/web-platform-tests/xhr/access-control-preflight-async-header-denied.htm [ Failure ]
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (250287 => 250288)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2019-09-24 06:59:52 UTC (rev 250288)
@@ -1,3 +1,15 @@
+2019-09-23 Youenn Fablet <you...@apple.com>
+
+ Support sync-xhr feature policy
+ https://bugs.webkit.org/show_bug.cgi?id=202098
+
+ Reviewed by Alex Christensen.
+
+ Update test to use hosts[alt][].
+
+ * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt:
+ * web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html:
+
2019-09-23 Alex Christensen <achristen...@webkit.org>
Fix WPT test html/browsers/offline/application-cache-api/api_swapcache_error.https.html
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt (250287 => 250288)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt 2019-09-24 06:59:52 UTC (rev 250288)
@@ -1,11 +1,6 @@
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe#sync-xhr
-
-Harness Error (TIMEOUT), message = null
-
PASS Default "sync-xhr" feature policy ["*"] allows the top-level document.
PASS Default "sync-xhr" feature policy ["*"] allows same-origin iframes.
-TIMEOUT Default "sync-xhr" feature policy ["*"] allows cross-origin iframes. Test timed out
-TIMEOUT Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute. Test timed out
+PASS Default "sync-xhr" feature policy ["*"] allows cross-origin iframes.
+PASS Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute.
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html (250287 => 250288)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub.html 2019-09-24 06:59:52 UTC (rev 250288)
@@ -9,7 +9,7 @@
<script>
'use strict';
run_all_fp_tests_allow_all(
- 'http://{{domains[www]}}:{{ports[http][0]}}',
+ 'http://{{hosts[alt][]}}:{{ports[http][0]}}',
'sync-xhr',
'NetworkError',
() => {
Deleted: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt (250287 => 250288)
--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/xmlhttprequest-sync-default-feature-policy.sub-expected.txt 2019-09-24 06:59:52 UTC (rev 250288)
@@ -1,11 +0,0 @@
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe%23sync-xhr
-Blocked access to external URL http://www.localhost:8800/XMLHttpRequest/xmlhttprequest-sync-default-feature-policy.sub.html#iframe%23sync-xhr
-
-
-Harness Error (TIMEOUT), message = null
-
-PASS Default "sync-xhr" feature policy ["*"] allows the top-level document.
-PASS Default "sync-xhr" feature policy ["*"] allows same-origin iframes.
-TIMEOUT Default "sync-xhr" feature policy ["*"] allows cross-origin iframes. Test timed out
-TIMEOUT Feature policy "sync-xhr" can be disabled in cross-origin iframes using "allow" attribute. Test timed out
-
Modified: trunk/Source/WebCore/ChangeLog (250287 => 250288)
--- trunk/Source/WebCore/ChangeLog 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/Source/WebCore/ChangeLog 2019-09-24 06:59:52 UTC (rev 250288)
@@ -1,3 +1,24 @@
+2019-09-23 Youenn Fablet <you...@apple.com>
+
+ Support sync-xhr feature policy
+ https://bugs.webkit.org/show_bug.cgi?id=202098
+
+ Reviewed by Alex Christensen.
+
+ Add support for sync-xhr feature policy parsing.
+ Use this feature policy to control use of sync XHR in documents
+ as per https://xhr.spec.whatwg.org/#the-send()-method step 12.
+
+ Covered by updated test.
+
+ * html/FeaturePolicy.cpp:
+ (WebCore::FeaturePolicy::parse):
+ (WebCore::FeaturePolicy::allows const):
+ * html/FeaturePolicy.h:
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::isSyncXHRAllowedByFeaturePolicy):
+ (WebCore::XMLHttpRequest::createRequest):
+
2019-09-23 Chris Dumez <cdu...@apple.com>
Drop unnecessary SessionID.h header includes
Modified: trunk/Source/WebCore/html/FeaturePolicy.cpp (250287 => 250288)
--- trunk/Source/WebCore/html/FeaturePolicy.cpp 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/Source/WebCore/html/FeaturePolicy.cpp 2019-09-24 06:59:52 UTC (rev 250288)
@@ -100,6 +100,7 @@
bool isCameraInitialized = false;
bool isMicrophoneInitialized = false;
bool isDisplayCaptureInitialized = false;
+ bool isSyncXHRInitialized = false;
for (auto allowItem : allowAttributeValue.split(';')) {
auto item = allowItem.stripLeadingAndTrailingMatchedCharacters(isHTMLSpace<UChar>);
if (item.startsWith("camera")) {
@@ -117,6 +118,11 @@
updateList(document, policy.m_displayCaptureRule, item.substring(16));
continue;
}
+ if (item.startsWith("sync-xhr")) {
+ isSyncXHRInitialized = true;
+ updateList(document, policy.m_syncXHRRule, item.substring(8));
+ continue;
+ }
}
// By default, camera, microphone and display-capture policy is 'self'
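Review bot: The new `item.startsWith("sync-xhr")` branch matches on prefix only, so any allow-attribute token that merely begins with those eight characters is parsed as a sync-xhr rule and its remainder is handed to `updateList`. A policy parser should match the whole feature name, for example `if (item.startsWith("sync-xhr") && (item.length() == 8 || isHTMLSpace<UChar>(item[8]))) {`. The `camera` branch visible above uses the same prefix pattern, so the tightening would ideally be applied to each feature in this loop. `FeaturePolicy::parse` begins and ends outside this hunk.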
@@ -127,6 +133,9 @@
if (!isDisplayCaptureInitialized)
policy.m_displayCaptureRule.allowedList.add(document.securityOrigin().data());
+ if (!isSyncXHRInitialized)
+ policy.m_syncXHRRule.type = AllowRule::Type::All;
+
return policy;
}
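Review bot: The default for sync-xhr added here is undocumented, and the existing comment above this block still says only that camera, microphone and display-capture default to 'self'. Because sync-xhr deliberately defaults to the opposite (allow all origins), a reader auditing the defaults could miss it. I would add a line above the new `if`, such as `// sync-xhr defaults to '*': allowed in every frame unless the allow attribute restricts it.` The start of `FeaturePolicy::parse` is outside this hunk.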
@@ -139,6 +148,8 @@
return isAllowedByFeaturePolicy(m_microphoneRule, origin);
case Type::DisplayCapture:
return isAllowedByFeaturePolicy(m_displayCaptureRule, origin);
+ case Type::SyncXHR:
+ return isAllowedByFeaturePolicy(m_syncXHRRule, origin);
}
ASSERT_NOT_REACHED();
return false;
Modified: trunk/Source/WebCore/html/FeaturePolicy.h (250287 => 250288)
--- trunk/Source/WebCore/html/FeaturePolicy.h 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/Source/WebCore/html/FeaturePolicy.h 2019-09-24 06:59:52 UTC (rev 250288)
@@ -37,7 +37,7 @@
public:
static FeaturePolicy parse(Document&, StringView);
- enum class Type { Camera, Microphone, DisplayCapture };
+ enum class Type { Camera, Microphone, DisplayCapture, SyncXHR };
bool allows(Type, const SecurityOriginData&) const;
struct AllowRule {
@@ -50,6 +50,7 @@
AllowRule m_cameraRule;
AllowRule m_microphoneRule;
AllowRule m_displayCaptureRule;
+ AllowRule m_syncXHRRule;
};
} // namespace WebCore
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (250287 => 250288)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2019-09-24 06:28:45 UTC (rev 250287)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2019-09-24 06:59:52 UTC (rev 250288)
@@ -33,6 +33,7 @@
#include "EventNames.h"
#include "File.h"
#include "HTMLDocument.h"
+#include "HTMLIFrameElement.h"
#include "HTTPHeaderNames.h"
#include "HTTPHeaderValues.h"
#include "HTTPParsers.h"
@@ -569,6 +570,23 @@
return createRequest();
}
+static inline bool isSyncXHRAllowedByFeaturePolicy(Document& document)
+{
+ auto& topDocument = document.topDocument();
+ if (&document != &topDocument) {
+ for (auto* ancestorDocument = &document; ancestorDocument != &topDocument; ancestorDocument = ancestorDocument->parentDocument()) {
+ auto* element = ancestorDocument->ownerElement();
+ ASSERT(element);
+ if (element && is<HTMLIFrameElement>(*element)) {
+ auto& featurePolicy = downcast<HTMLIFrameElement>(*element).featurePolicy();
+ if (!featurePolicy.allows(FeaturePolicy::Type::SyncXHR, ancestorDocument->securityOrigin().data()))
+ return false;
+ }
+ }
+ }
+ return true;
+}
+
ExceptionOr<void> XMLHttpRequest::createRequest()
{
// Only GET request is supported for blob URL.
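Review bot: In `isSyncXHRAllowedByFeaturePolicy` the loop advances with `ancestorDocument = ancestorDocument->parentDocument()` and then dereferences the result without a null check. If `parentDocument()` can return null before `topDocument` is reached (for instance during frame detachment; not verifiable from this hunk), that is a null dereference in release builds. Bounding the loop with `ancestorDocument && ancestorDocument != &topDocument` avoids it. Separately, a null `ownerElement()` is only caught by `ASSERT(element)`, so in release builds that ancestor is skipped and the check fails open; returning `false` there would be the conservative choice for a policy gate. The outer `if (&document != &topDocument)` is redundant with the loop condition and could be dropped.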
@@ -642,6 +660,9 @@
if (m_loader)
setPendingActivity(*this);
} else {
+ if (scriptExecutionContext()->isDocument() && !isSyncXHRAllowedByFeaturePolicy(*document()))
+ return Exception { NetworkError };
+
request.setDomainForCachePartition(scriptExecutionContext()->domainForCachePartition());
InspectorInstrumentation::willLoadXHRSynchronously(scriptExecutionContext());
ThreadableLoader::loadResourceSynchronously(*scriptExecutionContext(), WTFMove(request), *this, options);
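Review bot: When the policy check in the synchronous branch fails, the caller gets a bare `Exception { NetworkError }` and nothing records that the sync-xhr feature policy was the cause. A console message naming the policy and the blocked URL before the return would let page authors and anyone triaging a report tell a policy block from a real network failure. The early return also happens after whatever request state `createRequest` set up earlier, which is outside this hunk. It is worth confirming that no send or upload flags are left set on this path.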